The New York Times is reporting that the attacks against Google and other companies late last year, attacks which Google sourced to China, may have exposed Google's single-sign-on system, code-named Gaia.
The attacks were revealed in January. Many companies are said to have been hit, but very few—Google and Adobe—are named. The incident led to much outrage from the company and an official "inquiry" by Secretary of State Hillary Clinton. Google announced that they would no longer perform the censoring of their Chinese sites demanded by the Chinese government. In March, they started redirecting Google.cn requests to their Hong Kong site at google.com.hk, but traffic to that site from China is filtered at other levels by the government.
The Times report is vague about exactly what was compromised: was it the source code for Gaia? The control system? The passwords themselves? The story says that no actual passwords appear to have been stolen, but that the event creates the possibility that the attackers will be better-able to craft more sophisticated attacks.
In response, Google has enabled a new layer of encryption for GMail and took other measures, including physical security measures at data centers, to tighten security. One would hope that they also took the time to upgrade the Windows XP IE6 system that was compromised to open the door for the attackers.
The attacks were revealed in January. Many companies are said to have been hit, but very few—Google and Adobe—are named. The incident led to much outrage from the company and an official "inquiry" by Secretary of State Hillary Clinton. Google announced that they would no longer perform the censoring of their Chinese sites demanded by the Chinese government. In March, they started redirecting Google.cn requests to their Hong Kong site at google.com.hk, but traffic to that site from China is filtered at other levels by the government.
The Times report is vague about exactly what was compromised: was it the source code for Gaia? The control system? The passwords themselves? The story says that no actual passwords appear to have been stolen, but that the event creates the possibility that the attackers will be better-able to craft more sophisticated attacks.
In response, Google has enabled a new layer of encryption for GMail and took other measures, including physical security measures at data centers, to tighten security. One would hope that they also took the time to upgrade the Windows XP IE6 system that was compromised to open the door for the attackers.
No comments:
Post a Comment